keystore alias -- case sensitive or not

A KeyStore manages different types of entries, including cryptographic keys and certificates. Each entry in a keystore is identified by an "alias" string.

Before Java SE 6, the Java specification did not state whether the alias should be case sensitive or not. As a result, implementations differ: as far as I know, the Bouncy Castle Crypto package treats the keystore alias as case-sensitive data, while the Sun and IBM providers regard it as case-insensitive for "JKS/JCEKS/PKCS12" keystores. However, with the support of PKCS11 keystores, the alias is case sensitive for a PKCS11 keystore, because of the PKCS#11 specification.

Many documents say that the keystore alias is case-insensitive. That is not always true: it depends on the keystore type as well as the keystore provider.

An application usually uses the default keystore provider and the default keystore type. It is unfair, or at least uncomfortable, to expect an application to work out the case-sensitivity behaviour itself if it wants to rely on case-sensitive aliases.

So the current situation is: it is not certain whether a keystore alias is case sensitive for a given provider or a given keystore type.

Java SE 6 will declare the situation in the KeyStore specification: "Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case."

What should I do if I have no choice but to use case-sensitive keystore aliases? There is a way, but it is not recommended. As of Java SE 5.0 update 1 or Java 1.4.2_07, there is a CaseExactJKS keystore type, which is basically JKS with case-sensitive aliases; it is not yet well documented.

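    KeyStore ks;
    try {
        // Prefer the case-sensitive JKS variant where the provider offers it.
        ks = KeyStore.getInstance("CaseExactJKS");
    } catch (KeyStoreException e) {
        // Not available: fall back to plain JKS.
        ks = KeyStore.getInstance("JKS");
    }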

But try to be independent of case.
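
An added example (not from the original post) of how an application can avoid guessing: it probes a keystore type at run time and flags aliases that differ only in case, as the Java SE 6 text recommends avoiding. The class and method names are hypothetical, and the probe assumes Java 8 or later and a keystore type that accepts secret-key entries (JCEKS, PKCS12; JKS does not).

```java
import java.security.KeyStore;
import java.util.*;
import javax.crypto.spec.SecretKeySpec;

public class AliasCaseCheck {   // hypothetical class name

    // Probe an empty in-memory keystore of the given type: store one entry
    // under a lower-case alias, then look it up with an upper-case alias.
    // Throws KeyStoreException if the type cannot hold secret-key entries.
    static boolean aliasesAreCaseSensitive(String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);                       // new, empty keystore
        char[] pw = "probe-only".toCharArray();    // constructed sample password
        // Constructed all-zero AES key, used only as a placeholder entry.
        KeyStore.SecretKeyEntry entry =
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES"));
        ks.setEntry("probealias", entry, new KeyStore.PasswordProtection(pw));
        return !ks.containsAlias("PROBEALIAS");
    }

    // Group aliases that differ only in case. Each returned group would
    // collapse into one entry on a case-insensitive implementation.
    static List<List<String>> caseCollisions(Collection<String> aliases) {
        Map<String, List<String>> byFolded = new TreeMap<>();
        for (String a : aliases) {
            byFolded.computeIfAbsent(a.toLowerCase(Locale.ROOT),
                    k -> new ArrayList<>()).add(a);
        }
        List<List<String>> out = new ArrayList<>();
        for (List<String> group : byFolded.values()) {
            if (group.size() > 1) out.add(group);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        for (String type : new String[] {"JCEKS", "PKCS12"}) {
            System.out.println(type + " aliases case sensitive: "
                    + aliasesAreCaseSensitive(type));
        }
        // Constructed alias list; for a real keystore pass
        // Collections.list(ks.aliases()) instead.
        List<String> aliases =
                Arrays.asList("server", "Server", "ca-root", "SERVER", "client");
        System.out.println("Differ only in case: " + caseCollisions(aliases));
    }
}
```

Running the collision check before migrating a keystore between providers or types shows which entries would be silently overwritten or become unreachable.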

Comments:

u must b a genius to know all this. i wouldn't know it even if i looked it up then had to write it 100times nice work:)

Posted by Rachel on April 02, 2008 at 12:54 AM GMT+08:00 #
